Switching from Http to Https, but what about images and image link juice?
-
Hi Ya'll.
I'm transitioning our http version website to https. Important question:
Do images have to have 301 redirects? If so, how and where?
Please send me a link or explain best practices.
Best,
Shawn
-
Shawn124, whenever you move from HTTP to HTTPs, you'll need to set up the 301 permanent redirects for pages on the site only. The other elements, such as images, JavaScript (if they're external files), and .CSS files will need to be changed only in the code so that they reference the new HTTPs URLs, and not HTTP.
If you load an HTTP element (such as an image that uses the full URL in it's reference rather than the image filename only) on an HTTPs URL, then the browser will give you an error. So generally you need to do two things:
-
set up 301 Permanent Redirect for the page URLs.
-
search the entire website for all references to HTTP and change them to HTTPs (unless you're linking out to an external site).
If the site is in WordPress, you can use the Search and Replace plugin to replace it all at once in the database.
-
-
If you 301 redirect all HTTP URLs to HTTPS On the origin server,
To Move the origin server the HTTP to HTTPS On the origin server your redirects on your images will follow
#1
NGINX
Add the following to your Nginx config.
server { listen 80; server_name domain.com www.domain.com; return 301 https://domain.com$request_uri; }
Apache
Add the following to your
.htaccess
file.RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
(TOOL Apache htaccess to NGINX config tool https://winginx.com/en/htaccess)
#2
Search and replace the old HTTP:// URLs to New HTTPS://
http://mydomain.com
tohttps://mydomain.com
http://www.mydomain.com
tohttps://www.mydomain.com
Use CLI or https://interconnectit.com/products/search-and-replace-for-wordpress-databases/
#3
Alert Google that you are migrating to HTTPS https://www.google.com/webmasters/tools/home?hl=en
You will have no issue with your images.
Your link juice will flow as it did before because Google is no longer penalizing multiple redirects (So they SAY BUT don't over use redirects) keep them to a minimum, please.
https://www.deepcrawl.com/knowledge/best-practice/the-zen-guide-to-https-configuration/
https://www.deepcrawl.com/knowledge/best-practice/https-dilemma-security-seo/
#4
If on WordPress using proxy or just have insecure content use
Really Simple SSL: https://wordpress.org/plugins/really-simple-ssl/
Your insecure content is fixed by replacing all HTTP:// URLs with HTTPS://, except links to other external domains. Everything is done dynamically.
If using a Photos on a WAF or Pull CDN Force HTTPS
Connections#5
For example, if you're using a CloudFlare for Photos? You would use page rules to force a 301 redirect HTTPS
https://tools.keycdn.com/curl see #9 in https://www.maxcdn.com/one/tutorial/edge-rules-recipes/
#6
301's will not lose link juice see:
https://moz.com/blog/301-redirection-rules-for-seo
#7
Test using https://www.deepcrawl.com/ & or https://www.screamingfrog.co.uk/seo-spider/
(For a larger picture of the image below about redirect rule changing and link juice click on this URL http://i.imgur.com/vqyT6gm.jpg )
#8
If still needing tips or help read below.
Do images have to have 301 redirects? Yes
Citing:
http://searchengineland.com/http-https-seos-guide-securing-website-246940
"Making the switch from HTTP to HTTPS
- Start with a test server. This is important because it lets you get everything right and test without screwing it up in real time. Even if you are doing the switch without a test server, there’s almost nothing you can do that you can’t recover from, but it’s still best practice to have a plan and have everything tested ahead of time.
- Crawl the current website so that you know the current state of the site and for comparison purposes.
- Read any documentation regarding your server or CDN for HTTPS. I run into lots of fun CDN issues, but it can also be straightforward.
- Get a security certificate and install on the server. This will vary depending on your hosting environment and server setup too much for me to go into details, but the process is usually well-documented.
- Update references in content. This can usually be done with a search-and-replace in the database. You’ll want to update all references to internal links to use HTTPS or relative paths.
- Update references in templates. Again, depending on how you deploy, this might be done with Git or simply Notepad++, but you’ll want to make sure references to scripts, images, links and so on are either using HTTPS or relative paths.
- Update canonical tags. Most CMS systems will take care of this for you when you make the switch, but double-check, because that’s not always the case.
- **Update hreflang tags **if your website uses them, or any other tags such as OG tags for that matter. Again, most CMS systems will take care of this, but it’s best to QA it just in case.
- Update any plugins/modules/add-ons to make sure nothing breaks and that nothing contains insecure content. I commonly see internal site search and forms missed.
- CMS-specific settings may need to be changed. For major CMS systems, these are usually well-documented in migration guides.
- Crawl the site to make sure you didn’t miss any links and nothing is broken. You can export any insecure content in one of the Screaming Frog reports if this is the crawler you are using.
- Make sure any external scripts that are called support HTTPS.
- Force HTTPS with redirects. This will depend on your server and configuration but is well-documented for Apache, Nginx, and IIS.
- Update old redirects currently in place (and while you’re at it, take back your lost links from redirects that haven’t been done over the years). I mentioned during the Q&A portion of the Technical SEO Panel at SMX West that I’ve never had a site drop in rankings or traffic when switching to HTTPS, and a lot of people questioned me on this. Due diligence on redirects and redirect, chains are likely the difference, as this is what I see messed up the most when troubleshooting migrations.
- Crawl the old URLs for any broken redirects or any redirect chains, which you can find in a report with Screaming Frog.
- **Update sitemaps **to use HTTPS versions of the URLs.
- **Update your robots.txt file **to include your new sitemap.
- Enable HSTS. This tells the browser always to use HTTPS, which eliminates a server-side check and makes your website load faster. This can also cause confusion at times, since the redirect will show as 307. It could have a 301 or a 302 behind it, though, and you may need to clear your browser cache to see which.
- Enable OCSP stapling. This enables a server to check if a security certificate is revoked instead of a browser, which keeps the browser from having to download or cross-reference with the issuing certificate authority.
- Add HTTP/2 support.
- Add the HTTPS version of your site to all the search engine versions of webmaster tools that you use and load the new sitemap with HTTPS to them. This is important, as I’ve seen traffic drops misdiagnosed because they saw the traffic in the HTTP profile drop, when the traffic in reality moved to the HTTPS profile. Another note for this is that you do not need to use the Change of Address Tool when switching from HTTP to HTTPS.
- Update your disavow file if you had one for the HTTPS version.
- Update your URL parameter settings if you had these configured.
- Go live!
- In your analytics platform, make sure you update the default URL if one is required to ensure that you are tracking HTTPS properly, and add notes about the change so that you know when it occurred for future reference.
- Update your social share counts. There’s a lot of gotchas to this, in that some of the networks will transfer the counts through their APIs, while others will not. There are already guides for this around if you are interested in keeping your share counts.
- Update any paid media, email or marketing automation campaigns to use the HTTPS versions of the URLs.
- Update any other tools such as A/B testing software, heat maps and keyword tracking to use the HTTPS versions of the URLs.
- Monitor everything during the migration and check, double-check and triple-check to make sure everything is going smoothly. There are so many places where things can go wrong, and it seems like there are usually several issues that come up in any switch to HTTPS.
One question I’m often asked is if incoming links should be cleaned up. This is a tremendous amount of outreach and effort. If you have time, then sure; but most likely you’re busy with other things, and I don’t feel it’s necessary. However, you should update the links on any properties that you control, such as social profiles."
** you asked for the best links here are what you need**
- https://yoast.com/dev-blog/move-website-https-ssl/
- https://www.semrush.com/blog/how-to-survive-a-website-migration-semrushchat/?l=en
- https://www.digitalocean.com/community/questions/how-to-redirect-all-traffic-to-https-non-www
- https://moz.com/community/q/301-redirect-all-pictures-when-moving-to-a-new-site
- Link juice
** examplesI have put a lot more below**
- https://www.digitalocean.com/community/questions/how-to-redirect-all-traffic-to-https-non-www
- https://kinsta.com/knowledgebase/redirect-http-to-https/
- https://bjornjohansen.no/redirect-to-https-with-nginx
Unless you have to modify whatever system it is powering them, do you have a CDN? Or using something like AWS S3?
If so your images should move with the rest of the site. If you're posting them on a content delivery network or an AWS S3 whatever it is you must redirect that as well.
- https://yoast.com/dev-blog/move-website-https-ssl/
- https://support.google.com/webmasters/answer/83106?hl=en&ref_topic=6029673
- **https://moz.com/learn/seo/redirection **
- https://moz.com/community/q/301-redirect-all-pictures-when-moving-to-a-new-site
juice will not be lost long is you tell Google your moving the site see the URL below for how to redirect
Some of the systems will have buttons where you'd just click HTTPS others will require you to put the code into the system. I have posted the code below for Nginx as well as Apache.
Redirect from HTTP to https
This last bit will help you tremendously when you’ve not updated every single link on your site yet. You can just add a straight server level redirect from HTTP to https. In NGINX, we do this by having two servers defined in our config, the “right” one; that listens on port 443 and a simple one that listens on port 80 (standard HTTP) and has just this:
server {
listen 80;
server_name yoursite.com www.yoursite.com;
return 301 https://yoursite.com$request_uri;
}This seems to be the fastest way of doing this in NGINX, in Apache you’d do something like this:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]- Tools
- http://www.aleydasolis.com/htaccess-redirects-generator/nonwww-to-www/
- https://yoast.com/research/permalink-helper.php
- http://www.contentforest.com/seo-tools/url-redirect-generator
- https://donatstudios.com/RewriteRule_Generator
- http://www.rapidtables.com/web/tools/redirect-generator.htm
How to force SSL with. htaccess
If you want to force your entire website to go through https, you can add these rules to your .htaccess file:
| |
RewriteEngineOnRewriteCond%{SERVER_PORT}80RewriteRule^(.*)$https://yourdomain.com/$1 [R,L]
|
If your site is in a subfolder, use this code:
| |
RewriteEngineOnRewriteCond%{SERVER_PORT}80RewriteCond%{REQUEST_URI}folderRewriteRule^(.*)$https://yourdomain.com/folder/$1 [R,L]
|
Only replace yourdomain.com with your actual domain name.
Test with
- https://varvy.com/tools/redirects/
- https://varvy.com/pagespeed/hsts.html
- https://varvy.com/mobile/mobile-redirects.html
- http://searchengineland.com/http-https-seos-guide-securing-website-246940
Hope this helps,
Thomas
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Infographic links were good?
I submit infographic to visual.li, source and a little description. Are these links were good for website link profile? And can I submit same inforgraphi to other websites? http://visual.ly/divya-ashwagandha-churna
Intermediate & Advanced SEO | | bondhoward0 -
Link Audit - Sponsor/Partners Images Links
Hi everyone, 1. I'm conducting a link audit and read that if you are a sponsor or partner of a company, links should be nofollowed. I always no follow them if they are money keywords, but branded I leave alone. is that a good strategy? Or do i nofollow my brand name as well? 2. What if I'm a sponsor and have my company logo on their website that links to my website? How would i know if that link should be nofollowed? a. Does it depend on the "alt" of the image? b. Does it depend on the landing page of the link of the image? c. Do i just no follow image links from sponsor pages and partner pages as a whole? Please keep in mind that I'm sponsoring websites that are relevant to my niche. PLEASE HELP!
Intermediate & Advanced SEO | | Shawn1240 -
Should I try to change these links or no?
Hey guys, I need some advice on a link profile I'm currently working on. Our client sells a product in the hunting industry and has been around for over ten years. I just finished up classifying and looking at all of their links today and found that around half of them are sponsor links, links on "link pages," and a few directory links with almost all of them being followed. Because we are the first company to do SEO for them, I know that these aren't maliciously solicited links, but I'm worried that they may be having a negative impact on the site. Most of the links are coming from other non-competing websites in the outdoor industry which typically tends to have very antiquated sites with very antiquated practices. Essentially, I don't want to go out and try to nofollow or disavow all of these links that the website has had for a long time on other related websites if they're helping us, but I also don't want to be leaving anything up that could algorithmically be identified as spam. Below are some examples to show you what I'm referring to by the sponsor links and link resource pages. Any advice would be much appreciated. Thanks! Sponsored - http://www.becomeabetterhunter.com/ or http://outdoorobsession.tv/ or http://thehollywoodhunter.com/ Link Resource Pages - http://bowhuntamerica.com/links or http://cornerarchery.com/CompanyLinks.html
Intermediate & Advanced SEO | | CaddisInteractive0 -
Image optimization in 2013
hello post the google Image update ( http://googlewebmastercentral.blogspot.com/2013/01/faster-image-search.html ) please could you let me know what the status of image optimization is and also what the best practices are? Thank you so much. I appreciate it. Vijay
Intermediate & Advanced SEO | | vijayvasu0 -
Google consolidating link juice on duplicate content pages
I've observed some strange findings on a website I am diagnosing and it has led me to a possible theory that seems to fly in the face of a lot of thinking: My theory is:
Intermediate & Advanced SEO | | James77
When google see's several duplicate content pages on a website, and decides to just show one version of the page, it at the same time agrigates the link juice pointing to all the duplicate pages, and ranks the 1 duplicate content page it decides to show as if all the link juice pointing to the duplicate versions were pointing to the 1 version. EG
Link X -> Duplicate Page A
Link Y -> Duplicate Page B Google decides Duplicate Page A is the one that is most important and applies the following formula to decide its rank. Link X + Link Y (Minus some dampening factor) -> Page A I came up with the idea after I seem to have reverse engineered this - IE the website I was trying to sort out for a client had this duplicate content, issue, so we decided to put unique content on Page A and Page B (not just one page like this but many). Bizarrely after about a week, all the Page A's dropped in rankings - indicating a possibility that the old link consolidation, may have been re-correctly associated with the two pages, so now Page A would only be getting Link Value X. Has anyone got any test/analysis to support or refute this??0 -
Should I remove paid links?
I recently added about 20 paid links from directories but have since seen a 10% drop in traffic. I did also delete about 1000 pages of content that had no inbound links and were duplicated on other sites on the web and replaced the content with new content supplied by a client but still duplicated on other sites on the web, old URLs no longer valid or linked to, new content on new URLs. Assuming the drop in traffic had nothing to do with the content change mentioned above, should I remove the paid links in an attempt to recover? I don't think the old content was bringing in much traffic as it appeared elsewhere on more authoritive sites than mine.
Intermediate & Advanced SEO | | Mulith0 -
Links from tumblr
I have two links from hosted tumblr blogs which are not on tumblr.com. So, website1 has a tumblr blog: tumblr.website1.com And another site website2.com also uses the a record/custom domains option from tumblr but not on a subdomain, which is decribed below: http://www.tumblr.com/docs/en/custom_domains Does this mean that all links from such sites count as coming from the same IP in google's eyes? Or is there value in getting links from multiple sites because the a-record doesn't affect SEO in a negative way? Many thanks, Mike.
Intermediate & Advanced SEO | | team740 -
Push for site-wide https, but all pages in index are http. Should I fight the tide?
Hi there, First Q&A question 🙂 So I understand the problems caused by having a few secure pages on a site. A few links to the https version a page and you have duplicate content issues. While there are several posts here at SEOmoz that talk about the different ways of dealing with this issue with respect to secure pages, the majority of this content assumes that the goal of the SEO is to make sure no duplicate https pages end up in the index. The posts also suggest that https should only used on log in pages, contact forms, shopping carts, etc." That's the root of my problem. I'm facing the prospect of switching to https across an entire site. In the light of other https related content I've read, this might seem unecessary or overkill, but there's a vaild reason behind it. I work for a certificate authority. A company that issues SSL certificates, the cryptographic files that make the https protocol work. So there's an obvious need our site to "appear" protected, even if no sensitive data is being moved through the pages. The stronger push, however, stems from our membership of the Online Trust Alliance. https://otalliance.org/ Essentially, in the parts of the internet that deal with SSL and security, there's a push for all sites to utilize HSTS Headers and force sitewide https. Paypal and Bank of America are leading the way in this intiative, and other large retailers/banks/etc. will no doubt follow suit. Regardless of what you feel about all that, the reality is that we're looking at future that involves more privacy protection, more SSL, and more https. The bottom line for me is; I have a site of ~800 pages that I will need to switch to https. I'm finding it difficult to map the tips and tricks for keeping the odd pesky https page out of the index, to what amounts to a sitewide migratiion. So, here are a few general questions. What are the major considerations for such a switch? Are there any less obvious pitfalls lurking? Should I even consider trying to maintain an index of http pages, or should I start work on replacing (or have googlebot replace) the old pages with https versions? Is that something that can be done with canonicalization? or would something at the server level be necessary? How is that going to affect my page authority in general? What obvious questions am I not asking? Sorry to be so longwinded, but this is a tricky one for me, and I want to be sure I'm giving as much pertinent information as possible. Any input will be very much appreciated. Thanks, Dennis
Intermediate & Advanced SEO | | dennis.globalsign0